<?php
/**
 * Project:      CMS Danneo : Content management system
 * File:         base/danneo.track.php
 * @version	 $Id: Danneo CMS v.0.5.4 Release $
 * @package      CMS Danneo basis kernel
 * @copyright    Copyright (C) 2004 - 2010 Danneo Team. All rights reserved.
 * @link         http://danneo.com, http://danneo.ru
 * @license      http://www.gnu.org/licenses/gpl-2.0.html   GNU General Public License, version 2
 */
if (!defined("DNREAD")) {
	exit();
}
global $setting,$lang,$ajax;
/**
 * HTTP_USER_AGENT
 */
if ($_SERVER['HTTP_USER_AGENT'] == '-' || empty($_SERVER['HTTP_USER_AGENT'])) {
    die('Bad metods !');
}
/**
 * TRACE
 */
if ($_SERVER['REQUEST_METHOD'] == 'TRACE') {
	die('Bad metods !');
}
/**
 * GLOBALS
 */
if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS'])) {
	die('Bad metods !');
}
if (!is_array($GLOBALS)) {
	die('Bad metods !');
}
/**
 * REQUEST
 */
if (!isset($_REQUEST)) {
	return;
}
/**
 * badcount
 */
$badcount = 0;
/**
 * badops
 */
$badops = array("UNION",
                "OUTFILE",
                "FROM",
                "CREATE",
                "SELECT",
                "WHERE",
                "SHUTDOWN",
                "UPDATE",
                "DELETE",
                "CHANGE",
                "MODIFY",
                "RENAME",
                "RELOAD",
                "ALTER",
                "GRANT",
                "DROP",
                "INSERT",
                "CONCAT",
                "cmd",
                "exec",
                "\([^>]*\"?[^)]*\)",
                "<[^>]*body*\"?[^>]*>",
                "<[^>]*script*\"?[^>]*>",
                "<[^>]*object*\"?[^>]*>",
                "<[^>]*iframe*\"?[^>]*>",
                "<[^>]*img*\"?[^>]*>",
                "<[^>]*frame*\"?[^>]*>",
                "<[^>]*applet*\"?[^>]*>",
                "<[^>]*meta*\"?[^>]*>",
                "<[^>]*style*\"?[^>]*>",
                "<[^>]*form*\"?[^>]*>",
                "<[^>]*div*\"?[^>]*>"
                );
/**
 * foreach REQUEST
 */
foreach ($_REQUEST as $params => $inputdata) {
    for ($i = 0; $i < sizeof($badops); $i++) {
            if (is_string($inputdata) && preg_match('/'.$badops[$i].'/i',$inputdata)) {
                 $badcount = 1;
            }
    }
}

if ($badcount == 1) {
    header('Last-Modified: '.gmdate("D, d M Y H:i:s").' GMT');
    header('Content-Type: text/html; charset='.$setting['langcharset'].'');
    die('You use the forbidden tags');
}
?>